Outside attacks caused almost half of healthcare data breaches in July

Data breaches in the healthcare industry were most likely caused by outside hacking in July, the first month in 2017 in which threats from outside healthcare organizations exceeded insider breaches, according to Protenus, a security firm that tracks industry breaches.

Hacking attacks in healthcare exceeded inside breaches both in frequency and number of affected patients, says Protenus, which publishes a monthly “Breach Barometer” report. The company offers technology that enables hospitals to understand who in the facility should be accessing the electronic health record system.

Hacking accounted for nearly half of all disclosed breaches in July, but Protenus cautions that damage from continuing insider breaches should not be overlooked.

In total, there were 36 disclosed breaches during July; for the 29 incidents for which Protenus has data, records of 575,142 patients were put at risk. The largest breach, involving the records of 300,000 patients, occurred at Women’s Health Care Group of Pennsylvania.

The 17 outside hacking attacks that occurred during July comprised 516,053 patient records, 21 times the number of records that were inappropriately accessed by insiders.

Protenus’ data suggest that 10 of the hacks involved ransomware; five were caused by phishing attacks; and one was based on extortion. Three other incidents that were not fully confirmed could mean that the records of 18,000 additional patients were put at risk.